Re: port 16001 and 111

To: debian-security@lists.debian.org
Subject: Re: port 16001 and 111
From: Jussi Ekholm <ekhowl@goa-head.org>
Date: Sat, 26 Oct 2002 23:13:28 +0300
Message-id: <[🔎] 20021026201328.GC2013@erpland>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20021018051158.GC18786@virus.home>
References: <[🔎] 20021015052730.GB28690@erpland> <[🔎] 87elasneqv.fsf@goat.bogus.local> <[🔎] 20021017161508.GE29138@erpland> <[🔎] 20021018051158.GC18786@virus.home>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> wrote:
> Jussi Ekholm écrivait :
>> The same answer as a luser and as a root. What should I deduct from
>> this? It's just so weird as I'm not running NFS, NIS or any other
>> thingie that should use this port...
> 
> You said "what would try to connect to my system's port [...] 111
> from within my own system". I would answer "something that is
> configured to do so"?

Yup, but what?

> You may not look what binds this port since you don't run portmap
> but instead what is configured to try NIS, NFS, ... access!  Did you
> tune your /etc/nsswitch.conf to try NIS? Or something else...

Nope, I haven't tuned anything concerning NIS or NFS, as I haven't had
any need to do so. Although, the file nsswitch.conf exists in /etc. I
think I *did* turn on the support what comes to kernel, but other than
that I haven't done anything. Now I've removed portmapper from boot-up
and stopped it from /etc/init.d/ manually (actually more than once
:-). This is the best I can think, but still I had three entries of
sunrpc connection attempts in my iplogger.log yesterday.

It seems, that the file you mentioned comes along with base-files, so
the removing of that package is out of the question *g*. Ah well, I'll
keep my eye sharp for these connection attempts recorded by iplogger,
and hope that my system's not compromised. Also, I'll try to look the
one to blame by checking logs and matching the time the events
happened and so on. Let's see if something turns up...

- -- 
Jussi Ekholm <ekhowl@goa-head.org> | <http://erppimaa.ihku.org/> | <0x1410081E>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uvdoAtEARxQQCB4RAlERAKDVJTJhLQp552tm34H5d1z+A3BHHgCfQm7S
xZV0w99yesSp4oWF3UqHWAI=
=lV9E
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: port 16001 and 111
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>

References:
- port 16001 and 111
  - From: Jussi Ekholm <ekhowl@goa-head.org>
- Re: port 16001 and 111
  - From: Olaf Dietsche <olaf.dietsche#list.debian-security@t-online.de>
- Re: port 16001 and 111
  - From: Jussi Ekholm <ekhowl@goa-head.org>
- Re: port 16001 and 111
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>

Prev by Date: Re: port 16001 and 111
Next by Date: Re: port 16001 and 111
Previous by thread: Re: port 16001 and 111
Next by thread: Re: port 16001 and 111
Index(es):
- Date
- Thread